-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0050

Title: Buffer Overflow Vulnerabilities in the Cisco WebEx Player  [1]

Version history:
10.04.2012 Initial publication

Summary
=======
The Cisco WebEx Recording Format (WRF) player contains three buffer
overflow vulnerabilities.
Successful exploitation of the vulnerabilities could cause the Cisco WRF
player application to crash and, in some cases, allow a remote attacker
to execute arbitrary code on the system with the privileges of the user
who is running the WRF player application.


    CVE-2012-1335
    CVE-2012-1336
    CVE-2012-1337

CVSS v2 Base Score:9.3 (CRITICAL) (AV:N/AC:M/Au:N/C:C/I:C/A:C) [5]

Vulnerable systems
==================
    Client builds 27.32.0 (T27 LD SP32) and prior
    Client builds 27.25.9 (T27 LC SP25 EP9) and prior
    Client builds 27.21.10 (T27 LB SP21 EP10) and prior
    Client builds 27.11.26 (T27 L SP11 EP26) and prior

To determine the WebEx client build, users can log in to their Cisco
WebEx meeting site and navigate to the Support > Downloads section. The
version of the WebEx client build will be displayed on the right side of
the page. Cisco WebEx software updates are cumulative in client builds.
For example, if client build 27.32.10 is fixed, build 27.32.11 will also
contain the software update. Cisco WebEx site administrators have access
to secondary version nomenclature, such as T27 SP25 EP10.  Such an
example indicates that the server is running client build 27.25.10.

Original Details
================
The WebEx meeting service is a hosted multimedia conferencing solution
that is managed and maintained by Cisco WebEx. The WRF file format is
used to store WebEx meeting recordings that have been recorded on a
WebEx meeting site or on the computer of an online meeting attendee. The
players are applications that are used to play back and edit recording
files, which use the .wrf extension. The WRF players can be
automatically installed when the user accesses a recording file that is
hosted on a WebEx meeting site (for stream playback mode). The WRF
player can also be manually installed after downloading the application
from http://www.webex.com/play-webex-recording.html to play back
recording files locally (for offline playback mode).

Exploitation of the vulnerabilities may cause the player application to
crash or, in some cases, result in remote code execution.

To exploit one of these vulnerabilities, the player application must
open a malicious WRF file. An attacker may be able to accomplish this
exploit by providing the malicious recording file directly to users (for
example, by using e-mail) or by directing a user to a malicious web
page. The vulnerabilities cannot be triggered by users who are attending
a WebEx meeting.


What can you do?
================
Fix is available [1].


What to tell your users?
========================
N/A

More information
================
[1]
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1335
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1336
[4] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1337
[5] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in
its setup phase, until May 2012. Services are provided in a pilot
fashion, and are not yet fully functional. Announcements, alerts and
warnings are sent out in best  effort manner, and to contact information
currently known to us. We apologise if you are not the correct
recipient, or if you had already been warned about this issue from
another source . Format, content and way of alerting are subject  to
change in the future. Contact information or even the team name may
change as well.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPhCb8AAoJEPpzpNLI8SVo1b0QAJ7TN5/mKizFo5AT8yb0rp+u
2EPhKacKIYEYnDgrPT3lF9Hjrp2KC/20JGctCqmtzOOQCKjw6T7lqgkrA5TVvMBs
1Qp9m8OwEvFFfGC9dMDuBTvqoVmEBc+mPsnZi8gRcmMnW3Lxm3PIt/hJ33dS4PXe
BIJV1oRUglQmEoAjfSKZeKMskxcqH6Wls0MUSmboEwf63gTp/zdUPBhif0vQgFzv
QVTrgcWOx/O5budzza2NCXUtm4kvWUFIlcmJZ8GFbIVlhroy3vRO71aNDF9YYyHA
cadB24Iyp7pDPoMTujqkvzy93KOt82McpMByFy3vcbIogd7PE+392KwbLDlwTFtg
5WbjpVxEgG++IrhUG1BE1wSuGk+X2GIGzwTTk9lSI4IQnAMWVhjtDwtRwNBF2Rft
8Gf+v6WSAI8TxQ3gnSiIxEaVe3eyKOY6U9ayGNKVlD3o7lTmBaP27ndPkLWxXDh5
uWezNS95SMU3d6nLSD7xfEpSdsZH3qGFD2BPPGJ93McaGv0SrG+wppTT2nlj09nA
4s90M3aUZAsJpD+5Hqz7VRvOKgb0viZ8zTB/CNRh5RJ8IFLrobFFMScSIB3Sy7qK
sm8qD5miPd8fiG4eAvOPk1aPY8+aB36x2h1KPLLNvnZFQJYONTI9LtFdoIUDGgD3
+pLFsNsh6Menha+TFog7
=UhbC
-----END PGP SIGNATURE-----